From e1dd469d2164a95cda3ccc4d34d3ed0243217abb Mon Sep 17 00:00:00 2001 From: xiaomlove Date: Mon, 8 May 2023 03:18:07 +0800 Subject: [PATCH] improve user_can() --- include/constants.php | 2 +- include/globalfunctions.php | 8 ++++++- public/ajax.php | 42 ++++++++++++++++++------------------- public/email-gateway.php | 7 ++++--- 4 files changed, 33 insertions(+), 26 deletions(-) diff --git a/include/constants.php b/include/constants.php index c5224f3a..bd0c70bf 100644 --- a/include/constants.php +++ b/include/constants.php @@ -1,6 +1,6 @@ = date('Y-m-d H:i:s')); diff --git a/public/ajax.php b/public/ajax.php index ff2073e6..7c8fea7d 100644 --- a/public/ajax.php +++ b/public/ajax.php @@ -3,7 +3,7 @@ require "../include/bittorrent.php"; dbconn(); loggedinorreturn(); -$action = $_POST['action'] ?? 'noAction'; +$action = $_POST['action'] ?? ''; $params = $_POST['params'] ?? []; class AjaxInterface{ @@ -14,15 +14,15 @@ class AjaxInterface{ $rep = new \App\Repositories\MedalRepository(); return $rep->toggleUserMedalStatus($params['id'], $CURUSER['id']); } - - + + public static function attendanceRetroactive($params) { global $CURUSER; $rep = new \App\Repositories\AttendanceRepository(); return $rep->retroactive($CURUSER['id'], $params['timestamp']); } - + public static function getPtGen($params) { $rep = new Nexus\PTGen\PTGen(); 
@@ -35,41 +35,41 @@ class AjaxInterface{ return ''; } } - + public static function addClaim($params) { global $CURUSER; $rep = new \App\Repositories\ClaimRepository(); return $rep->store($CURUSER['id'], $params['torrent_id']); } - + public static function removeClaim($params) { global $CURUSER; $rep = new \App\Repositories\ClaimRepository(); return $rep->delete($params['id'], $CURUSER['id']); } - + public static function removeUserLeechWarn($params) { global $CURUSER; $rep = new \App\Repositories\UserRepository(); return $rep->removeLeechWarn($CURUSER['id'], $params['uid']); } - + public static function getOffer($params) { $offer = \App\Models\Offer::query()->findOrFail($params['id']); return $offer->toArray(); } - + public static function approvalModal($params) { global $CURUSER; $rep = new \App\Repositories\TorrentRepository(); return $rep->buildApprovalModal($CURUSER['id'], $params['torrent_id']); } - + public static function approval($params) { global $CURUSER; @@ -81,7 +81,7 @@ class AjaxInterface{ $rep = new \App\Repositories\TorrentRepository(); return $rep->approval($CURUSER['id'], $params); } - + public static function addSeedBoxRecord($params) { global $CURUSER; @@ -91,28 +91,28 @@ class AjaxInterface{ $params['status'] = \App\Models\SeedBoxRecord::STATUS_UNAUDITED; return $rep->store($params); } - + public static function removeSeedBoxRecord($params) { global $CURUSER; $rep = new \App\Repositories\SeedBoxRepository(); return $rep->delete($params['id'], $CURUSER['id']); } - + public static function removeHitAndRun($params) { global $CURUSER; $rep = new \App\Repositories\BonusRepository(); return $rep->consumeToCancelHitAndRun($CURUSER['id'], $params['id']); } - + public static function consumeBenefit($params) { global $CURUSER; $rep = new \App\Repositories\UserRepository(); return $rep->consumeBenefit($CURUSER['id'], $params); } - + public static function clearShoutBox($params) { global $CURUSER; 
@@ -120,21 +120,21 @@ class AjaxInterface{ \Nexus\Database\NexusDB::table('shoutbox')->delete(); return true; } - + public static function buyMedal($params) { global $CURUSER; $rep = new \App\Repositories\BonusRepository(); return $rep->consumeToBuyMedal($CURUSER['id'], $params['medal_id']); } - + public static function giftMedal($params) { global $CURUSER; $rep = new \App\Repositories\BonusRepository(); return $rep->consumeToGiftMedal($CURUSER['id'], $params['medal_id'], $params['uid']); } - + public static function saveUserMedal($params) { global $CURUSER; @@ -153,15 +153,15 @@ class AjaxInterface{ } $class = 'AjaxInterface'; -$reflection = new ReflectionClass($class); +$reflection = new \ReflectionClass($class); try { - if($reflection->hasMethod($action)&&$reflection->getMethod($action)->isStatic()) { + if($reflection->hasMethod($action) && $reflection->getMethod($action)->isStatic()) { $result = $class::$action($params); exit(json_encode(success($result))); } else { do_log("hacking attempt made by {$CURUSER['username']},uid {$CURUSER['id']}", 'error'); - throw new \RuntimeException("no Action"); + throw new \RuntimeException("Invalid action: $action"); } }catch(\Throwable $exception){ exit(json_encode(fail($exception->getMessage(), $_POST))); diff --git a/public/email-gateway.php b/public/email-gateway.php index a26a659e..a13828a5 100644 --- a/public/email-gateway.php +++ b/public/email-gateway.php @@ -1,4 +1,5 @@ "; @@ -28,7 +29,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") $subject = substr(htmlspecialchars(trim($_POST["subject"])), 0, 80); if ($subject == "") $subject = "(No subject)"; $subject = "Fw: $subject"; - + $message = htmlspecialchars(trim($_POST["message"])); if ($message == "") stderr("Error", "No message text!"); 
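Review bot: In the dispatcher hunk at the end of public/ajax.php, the new `throw new \RuntimeException("Invalid action: $action");` puts the raw `$_POST['action']` value into the message that the catch block returns to the client, while the `do_log(...)` line above it still does not record which action was rejected. For triage the value belongs in the log rather than the response, e.g. `do_log("invalid ajax action " . json_encode($action) . " by uid {$CURUSER['id']}", 'error');` followed by `throw new \RuntimeException("Invalid action");`. `$action` is also never checked to be a string, so a non-string value (PHP parses bracketed field names into arrays) reaches `hasMethod()` and presumably surfaces as a TypeError through the same catch without being logged; putting `is_string($action) &&` at the front of the condition routes that case to the logged branch. The condition accepts any static method, so adding `&& $reflection->getMethod($action)->isPublic()` would make it explicit that only public methods of `AjaxInterface` are endpoints. No Content-Type header is set in the visible lines, so whether the echoed value could be rendered as HTML depends on code outside this hunk.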
@@ -38,7 +39,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") $message . "\n\n" . "---------------------------------------------------------------------\n$SITENAME E-Mail Gateway\n"; - $success = sent_mail($to,$from,$from_email,$subject,$message,"E-Mail Gateway",false); + $success = sent_mail($to,$from,$from_email,$subject,$message,"E-Mail Gateway",false); if ($success) stderr("Success", "E-mail successfully queued for delivery.");